Learn About CompTIA Exam SY0-201: Security+ 2008 Edition
By Certification Magazine
Tutorial:
An intrusion detection system (IDS) can detect attacks in one of two ways. A signature-based system matches observed activity against patterns of known attacks. These attack signatures are kept in a database that must be updated as new attacks are discovered, so a signature-based system cannot recognize an attack for which no signature exists yet. An anomaly-based system first observes activity over time to establish a baseline of normal behavior, then tags events that differ enough statistically from that baseline as possible attacks. Anomaly-based systems need time to establish the baseline (and the baseline must be built from traffic that is actually clean, or the attack becomes part of "normal"), and they tend to produce more false positives, but they are less likely to miss new attacks.
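The two detection modes described above, as an added example that is not part of the original article: a signature matcher and a simple statistical anomaly detector run over constructed web-server log lines (the addresses, paths, timestamps and the two-entry "signature database" are all made up for the illustration). The injection and traversal requests are caught only by the signature matcher; the request flood from one host matches no signature and is caught only by the anomaly detector.

```python
"""Signature-based vs anomaly-based detection over constructed web-server log lines."""
import re
import statistics
from collections import Counter
from urllib.parse import unquote


# --- Constructed sample data (not from the original page) -------------------
def _line(src, path, sec, status=200):
    """Build one Common Log Format style line with a fixed, constructed timestamp."""
    return f'{src} - - [10/Mar/2009:12:00:{sec:02d}] "GET {path} HTTP/1.1" {status}'


# Baseline period: ordinary browsing from four hosts, used to learn "normal".
BASELINE_LOG = "\n".join(
    _line(src, "/index.html", i)
    for i, src in enumerate(["10.0.0.5"] * 3 + ["10.0.0.6"] * 2
                            + ["10.0.0.7"] * 4 + ["10.0.0.8"] * 3)
)

# Observation period: normal traffic, two known attacks from 10.0.0.9 and a
# request flood from 10.0.0.42 that matches no signature.
OBSERVED_LOG = "\n".join(
    [_line("10.0.0.5", "/about.html", 1),
     _line("10.0.0.5", "/index.html", 2),
     _line("10.0.0.5", "/images/logo.png", 3),
     _line("10.0.0.9", "/login.php?user=admin'%20OR%20'1'='1", 4),
     _line("10.0.0.9", "/../../../../etc/passwd", 5, 404)]
    + [_line("10.0.0.42", f"/search?q={i}", 10 + i) for i in range(12)]
)

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def parse_log(text):
    """Parse log lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


# --- Signature-based detection ---------------------------------------------
# The "signature database": name -> pattern of a known attack. Real IDS
# signature sets are far larger and must be updated as new attacks appear.
SIGNATURES = {
    "sql-injection": re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I),
    "directory-traversal": re.compile(r"(\.\./){2,}"),
}


def signature_alerts(events):
    """Return (src, path, signature) for every event matching a known pattern."""
    alerts = []
    for e in events:
        decoded = unquote(e["path"])  # match on the decoded request, not the raw bytes
        for name, pattern in SIGNATURES.items():
            if pattern.search(decoded):
                alerts.append((e["src"], e["path"], name))
    return alerts


# --- Anomaly-based detection -----------------------------------------------
def requests_per_source(events):
    return Counter(e["src"] for e in events)


def anomaly_alerts(baseline_events, observed_events, k=3.0):
    """Flag sources whose request count exceeds baseline mean + k standard deviations.

    The baseline must come from traffic known to be clean: an attack present
    during training becomes part of "normal" and will not be flagged later.
    """
    counts = list(requests_per_source(baseline_events).values())
    threshold = statistics.mean(counts) + k * statistics.pstdev(counts)
    return sorted((src, n) for src, n in requests_per_source(observed_events).items()
                  if n > threshold)


if __name__ == "__main__":
    observed = parse_log(OBSERVED_LOG)
    for src, path, name in signature_alerts(observed):
        print(f"signature  {name:20} {src} {path}")
    for src, n in anomaly_alerts(parse_log(BASELINE_LOG), observed):
        print(f"anomaly    {n} requests from {src} exceed the baseline threshold")
```

The anomaly threshold here is a plain mean plus three standard deviations of requests per source; a production system would use per-time-window rates and a much richer feature set, but the trade-off is the same: the flood is visible only against a learned baseline, and the single injection request is visible only with a signature.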
IDS architectures come in two types: host-based and network-based. A host-based IDS (HIDS) runs an agent on each monitored host, so it sees activity a network sensor cannot, such as local log entries, file and configuration changes and process activity, and it is unaffected by encryption on the network. The agents report to a central manager, and a reporting system consolidates their alerts to help in investigating problems within the network.
A network-based IDS (NIDS) is a single application that monitors all traffic on a subnet in real time, typically from a mirror (SPAN) port or a network tap. The application acts as both agent and manager. Because it watches the wire rather than individual hosts, it can detect attacks such as port scans and denial-of-service floods from traffic patterns alone, but it cannot inspect encrypted payloads, and as a detection system it reports rather than blocks; blocking is the role of an intrusion prevention system.
References:
“HIDS/NIDS”
TechTarget.com
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1211526,00.html
“intrusion prevention”
TechTarget.com
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1032147,00.html
“Penetration testing -- Social engineering, IDS and honey pots”
TechTarget.com
http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1244399,00.html
Objective: Systems security.
Sub-objective: Explain the security risks pertaining to system hardware and peripherals.
Single answer, multiple-choice
You currently have all computer systems set up to boot first from the hard drive. You want to prevent computers from booting from CDs, DVDs or USB drives. What should you do?
A. Flash the BIOS.
B. Password protect the BIOS.
C. Apply a security template.
D. Create a configuration baseline.
Answer:
B
Tutorial:
You need to password protect the BIOS to prevent users from changing the boot order in the BIOS. If the BIOS is not protected with a password, any user can enter the BIOS setup when the computer is booting and alter the boot order. The password only locks the settings in place, so first set the hard drive as the sole boot device (or disable booting from removable media) and then set the password. Keep in mind that someone with access to the inside of the case can usually clear the BIOS password by resetting the CMOS, so the control is only as strong as the physical security of the machine.
There is no reason to flash the system BIOS. Flashing is the method used to update the BIOS. It is typically not necessary unless BIOS problems are discovered or if a newer version is required to support an upgrade, such as a new operating system version.
You should not apply a security template. Security templates configure security settings such as password and access settings. They do not apply any settings before the operating system has loaded. The security templates provided with Windows have various levels of default settings. You also can create custom security templates.
You should not create a configuration baseline. You create a configuration baseline to help manage changes to your computer systems. The configuration baseline describes the state of the system at the time you create the baseline. When you make changes to the system, you should also update the baseline. A configuration baseline can also describe the desired standard configuration of a system.
References:
“USB storage devices: Two ways to stop the threat to network security”
TechTarget.com
http://searchnetworking.techtarget.com/tip/0,289483,sid7_gci1276067,00.html
“BIOS”
Webopedia
http://www.webopedia.com/TERM/B/BIOS.html
“Understanding Windows Security Templates”
Windowsecurity.com
http://www.windowsecurity.com/articles/Understanding-Windows-Security-Templates.html
“Baseline (configuration management)”
Wikipedia
http://en.wikipedia.org/wiki/Baseline_(configuration_management)
Objective: Access control.
Sub-objective: Identify and apply industry best practices for access control methods.
Single answer, multiple-choice
What does an implicit deny on an access control list (ACL) do?
A. It denies all traffic.
B. It denies only traffic that is specifically denied.
C. It deactivates the ACL.
D. It denies any traffic not specifically allowed.
Answer:
D
Tutorial:
The principle of implicit deny is implemented in most routers and firewalls. An ACL is evaluated from the top down, and the first access control entry (ACE) that matches the traffic decides whether it is permitted or denied. Traffic that matches no ACE falls through to an implicit deny at the end of the list, so only traffic that is explicitly allowed gets through. This makes the network more secure, and it also explains a classic mistake: an ACL written only with deny statements blocks all traffic, because everything it does not mention hits the implicit deny. An ACL restricts access to a network or network segment to only those addresses, protocols and ports that are allowed. Operating systems also use ACLs to determine which users have rights to files and folders.
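The first-match evaluation with a trailing implicit deny, as an added example that is not part of the original article: a small ACL model with a Cisco IOS-style renderer. The ACL, addresses and port numbers are constructed for the illustration, and the IOS syntax is shown only to make the entries recognizable; the implicit deny never appears as a line in the configuration, which is exactly why it is easy to forget.

```python
"""First-match ACL evaluation with an implicit deny at the end of the list."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One access control entry. "0.0.0.0/0" means any address; dport None means any port."""
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int] = None


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(ace.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(ace.dst):
        return False
    return ace.dport is None or ace.dport == pkt.dport


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, str]:
    """Walk the list top down; the first matching ACE decides.

    Traffic matching no ACE is dropped by the implicit deny, so a packet is
    never "neutral": it is either explicitly permitted or denied.
    """
    for i, ace in enumerate(acl, start=1):
        if ace_matches(ace, pkt):
            return ace.action, f"ACE {i}"
    return "deny", "implicit deny"


def _ios_addr(cidr: str) -> str:
    """Render a CIDR as the IOS 'any' / 'host x' / 'network wildcard' forms."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen == 0:
        return "any"
    if net.prefixlen == net.max_prefixlen:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


def render_ios(acl: List[Ace], number: int) -> List[str]:
    """Render the list in Cisco IOS extended-ACL style (illustrative syntax)."""
    lines = []
    for ace in acl:
        port = f" eq {ace.dport}" if ace.dport is not None else ""
        lines.append(f"access-list {number} {ace.action} {ace.proto} "
                     f"{_ios_addr(ace.src)} {_ios_addr(ace.dst)}{port}")
    return lines


# Constructed example: a web server that should accept HTTP/HTTPS from anywhere
# and SSH only from the admin LAN. Nothing mentions SSH from the internet or
# ICMP, yet both are denied: that is the implicit deny at work.
WEB_ACL = [
    Ace("permit", "tcp", "0.0.0.0/0", "10.0.0.10/32", 80),
    Ace("permit", "tcp", "0.0.0.0/0", "10.0.0.10/32", 443),
    Ace("permit", "tcp", "192.168.1.0/24", "10.0.0.10/32", 22),
]

# Classic mistake: an ACL written only with deny statements. Telnet is denied
# by ACE 1, but every other packet is also dropped by the implicit deny.
DENY_ONLY_ACL = [Ace("deny", "tcp", "0.0.0.0/0", "0.0.0.0/0", 23)]

if __name__ == "__main__":
    for line in render_ios(WEB_ACL, 101):
        print(line)
    print("! not shown in the config, but always present: access-list 101 deny ip any any")
    for pkt in (Packet("tcp", "203.0.113.7", "10.0.0.10", 80),
                Packet("tcp", "203.0.113.7", "10.0.0.10", 22),
                Packet("tcp", "192.168.1.20", "10.0.0.10", 22),
                Packet("icmp", "203.0.113.7", "10.0.0.10")):
        print(pkt, "->", evaluate(WEB_ACL, pkt))
```

The model treats an empty list as "deny everything", which is the behaviour the implicit-deny principle implies; check your platform before relying on that, because some devices (Cisco IOS among them) treat an applied ACL that has no entries as if it were not applied at all and let everything through.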
References:
“Infrastructure Planning and Design”
Microsoft TechNet
TechTarget.com
http://searchsoftwarequality.techtarget.com/sDefinition/0,,sid92_gci213757,00.html